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DETAILED ACTION 
Information Disclosure Statement 

1 . The information disclosure statements (IDS) submitted on 1 2/1 5/2003 has been 
received, entered into the record, and considered. The submission is in compliance 
with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is 
being considered by the .examiner. 

The listing of references in the specification is not a proper information disclosure 
statement. 37 CFR 1 .98(b) requires a list of all patents, publications, or other 
information submitted for consideration by the Office, and MPEP § 609.04(a) states, 
"the list may not be incorporated into the specification but must be submitted in a 
separate paper." Therefore, unless the references have been cited by the examiner on 
form PTO-892, they have not been considered. 

Priority 

2. Receipt is acknowledged of papers submitted under 35 U.S.C. 1 19(a)-(d), which 
papers have been placed of record in the file. 

Specification 

3. The disclosure is objected to because of the following informalities: In page 33, 
line 13 of the specification, "using the path expresslong" should be changed to "using 
the path expressing". 

Appropriate correction is required. 

Claim Objections 



! 
I 

Application/Control Number: 10/735,837 Page 3 

Art Unit: 2168 

4. Claim 16 is objected to because of the following informalities: The phrase "which 
is stored in s predetermined storage means" is incoherent. Appropriate correction is 
required. 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

6. Claims 6, 8, 10, 13-14, and 16 are rejected under 35 U.S.C. 102(a) as being 
anticipated by Damiani et al. (Article entitled "A Fine-Grained Access Control System 
for XML Documents", dated May 2002). 

7. Regarding claim 6, Damiani teaches an information processor comprising: 

A) a path table control unit for controlling a path table describing paths of a data file 
stored in the database (Pages 183 and 186. Figure 5); and 

B) an access right decision unit for selecting a predetermined path in the path table 
controlled by the path table control unit by a path expression describing a retrieval 
condition for the database (Page 186, Figure 5); 

C) applying the access control policy describing the access control rules (Pages 183 
and 186, Figure 5); and 
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D) deciding an access right in database retrieval by the path expression with respect to 
the predetermined path (Pages 183 and 186, Figure 5). 

The examiner notes that Damiani teaches "a path table control unit for 
controlling a path table describing paths of a data file stored in the database" as 
"Authorizations specified on an element can be defined as applicable to the element's 
attributes only (local authorizations) or, in a recursive approach, to its subelements and 
their attributes (recursive authorizations)" (Page 183, Section 5.1 : Basic Features of the 
Access Authorizations) and "Figure 5 lists the resulting authorizations" (Page 186, 
Section 5.2: Access Authorizations). The examiner further notes that Damiani teaches 
"an access right decision unit for selecting a predetermined path in the path table 
controlled by the path table control unit by a path expression describing a 
retrieval condition for the database" as "Figure 5 lists the resulting authorizations" 
(Page 186, Section 5.2: Access Authorizations). The examiner further notes that 
Figure 5 of Damiani clearly shows different access conditions for different paths in a 
database for queries from users. The examiner further notes that Damiani teaches 
"applying the access control policy describing the access control rules" as 
"Figure 5 lists the resulting authorizations" (Page 186, Section 5.2: Access 
Authorizations) and "Authorizations specified on an element can be defined as 
applicable to the element's attributes only (local authorizations) or, in a recursive 
approach, to its subelements and their attributes (recul-sive authorizations)" (Page 183, 
Section 5.1 : Basic Features of the Access Authorizations). The examiner further notes 
that Damiani teaches "deciding an access right in database retrieval by the path 
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expression with respect to the predetermined path" as "Authorizations specified on 
an element can be defined as applicable to the element's attributes only (local 
authorizations) or, in a recursive approach, to its subelements and their attributes 
(recursive authorizations)" (Page 183, Section 5.1: Basic Features of the Access 
Authorizations) and "Figure 5 lists the resulting authorizations" (Page 186, Section 5.2: 
Access Authorizations). 

Regarding claim 8, Damiani further teaches an information processor 
comprising: 

A) a path expression extraction unit for extracting the path expressions from a query 
expression specifying a retrieval method for the database (Pages 185-186). 

The examiner notes that Damiani teaches "a path expression extraction unit 
for extracting the path expressions from a query expression specifying a retrieval 
method for the database" as "object is either a URI in Obj or is of the form URI:PE, 
where URI e Obj and PE is a path expression on the tree of document URI" (Page 185, 
Section 5.2: Access Authorizations). 

Regarding claim 9, Damiani further teaches an information processor 
comprising: 

A) a query expression access right decision unit for deciding access rights in the 
database retrieval by the query expression based on decision results of access rights, 
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which are obtained by the access right decision unit, for the individual path expressions 
extracted from the query expression (Pages 190-191). 

The examiner notes that.Damiani teaches "a query expression access right 
decision unit for deciding access rights in the database retrieval by the query 
expression based on decision results of access rights, which are obtained by the 
access right decision unit, for the individual path expressions extracted from the 
query expression" as "The value of n.veclabel[t].sign can be "+" for permission, "-" for 
denials, and "s" for no authorization" (Page 188, Section 6.1: Document Tree Labeling) 
and "Signs + and - must then be mapped to the other two values, namely 1 (true) and 

(indeterminate" (Page 190, Section 6.1 : Document Tree Labeling) and "As a result of 
the labeling process, the value of finlabel for each node n contains the sign, if any, 
reflecting whether the node can be accessed (+) or not (-)" (Page 191 , Section 6.2; 
Transformation Process). 

Regarding claim 10, Damiani teaches a database retrieval system comprising: 

A) a database storing an XML document (Page 171); and 

B) an access rights analysis device which decides, based on path expressions 
describing retrieval conditions used in retrieval for the database and an access control 
policy describing access control rules, to which one of 1) always permitted, 2) always 
denied, and 3) indetenninate an access right in the database retrieval using the path 
expressions corresponds (Pages 188, 190). 



Application/Control Number: 10/735,837 Page 7 

Art Unit: 2168 

The examiner notes that Damiani teaches "a database storing an XML 
document" as "The rationale for our approach is defining an XML markup for a set of 
security elements describing the protection requirements of XML documents" (Page 
171, Section 1: Introduction). The examiner further notes that Damiani teaches "an 
access rights analysis device which decides, based on path expressions 
describing retrieval conditions used in retrieval for the database and an access 
control policy describing access control rules, to which one of 1) always 
permitted, 2) always denied, and 3) indeterminate an access right in the database 
retrieval using the path expressions corresponds" as "The value of 
n.veclabel[t].sign can be "+" for permission, "-" for denials, and "s" for no authorization" 
(Page 188, Section 6.1: Document Tree Labeling) and "Signs + and - must then be 
mapped to the other two values, namely 1 (true) and Vt. (indeterminate" (Page 190, 
Section 6.1 : Document Tree Labeling). 

Regarding claim 13, Damiani further teaches a database retrieval system 
comprising; 

A) a path table control unit for controlling a path table describing paths of a data file 
stored In the database (Pages 183 and 186, Figure 5); and 

B) an access right decision unit for selecting a predetermined path in the path table 
controlled by the path table control unit by a path expression describing a retrieval 
condition for the database (Page 186, Figure 5); 
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C) applying the access control policy describing the access control rules (Pages 183 
and 186. Figure 5); and 

D) deciding an access right in database retrieval by the path expression with respect to 
the predetermined path (Pages 183 and 186, Figure 5). 

The examiner notes that Damiani teaches "a path table control unit for 
controlling a path table describing paths of a data file stored in the database" as 
"Authorizations specified on an element can be defined as applicable to the element's 
attributes only (local authorizations) or, in a recursive approach, to its subelements and 
their attributes (recursive authorizations)" (Page 183, Section 5.1 : Basic Features of the 
Access Authorizations) and "Figure 5 lists the resulting authorizations" (Page 186, 
Section 5.2: Access Authorizations). The examiner further notes that Damiani teaches 
"an access right decision unit for selecting a predetermined path in the path table 
controlled by the path table control unit by a path expression describing a 
retrieval condition for the database" as "Figure 5 lists the resulting authorizations" 
(Page 186, Section 5.2: Access Authorizations). The examiner further notes that 
Figure 5 of Damiani clearly shows different access conditions for different paths in a 
database for queries from users. The examiner further notes that Damiani teaches 
"applying the access control policy describing the access control rules" as 
"Figure 5 lists the resulting authorizations" (Page 186, Section 5.2: Access 
Authorizations) and "Authorizations specified on an element can be defined as 
applicable to the element's attributes only (local authorizations) or. In a recursive 
approach, to its subelements and their attributes (recursive authorizations)" (Page 183, 
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Section 5.1 : Basic Features of the Access Authorizations). The examiner further notes 
that Damiani teaches "deciding an access right in database retrieval by the path 
expression with respect to the predetermined path" as "Authorizations specified on 
an element can be defined as applicable to the element's attributes only (local 
authorizations) or, in a recursive approach, to its subelements and their attributes 
(recursive authorizations)" (Page 183, Section 5.1: Basic Features of the Access 
Authorizations) and "Figure 5 lists the resulting authorizations" (Page 186. Section 5.2: 
Access Authorizations). 

Regarding claim 14, Damiani further teaches a database retrieval system 
comprising: 

A) a path expression extraction unit for extracting the path expressions from a query 
expression specifying a retrieval method for the database (Pages 185-186); and 

B) a query expression access right decision unit for deciding access rights in the 
database retrieval by the query expression based on decision results of access rights, 
which are obtained by the access right decision unit, for the individual path expressions 
extracted from the query expression (Pages 190-191). 

The examiner notes that Damiani teaches ''a path expression extraction unit 
for extracting the path expressions from a query expression specifying a retrieval 
method for the database" as "object is either a URI in Obj or is of the form URI:PE, 
where URI e Obj and PE is a path expression on the tree of document URI" (Page 185, 
Section 5.2: Access Authorizations). The examiner further notes that Damiani teaches 
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"a query expression access right decision unit for deciding access rights in the 
database retrieval by the query expression based on decision results of access 
rights, which are obtained by the access right decision unit, for the individual 
path expressions extracted from the query expression" as "The value of 
n.veclabel[t].sign can be "+" for permission, "-" for denials, and "e" for no authorization" 
(Page 188, Section 6.1: Document Tree Labeling) and "Signs + and - must then be 
mapped to the other two values, namely 1 (true) and Vz (indeterminate" (Page 190, 
Section 6.1; Document Tree Labeling) and "As a result of the labeling process, the 
value of finlabel for each node n contains the sign, if any, reflecting whether the node 
can be accessed (+) or not (-)" (Page 191, Section 6.2: Transformation Process). 

Regarding claim 16, Damiani further teaches a database retrieval system 
comprising: 

A) a path expression extraction unit for extracting the path expressions from a query 
expression specifying a retrieval method for the database (Pages 183, 185-186); and 

B) a query expression access right decision unit for deciding access rights in the 
database retrieval by the query expression based on decision results of access rights, 
which are obtained by the access right decision unit, for the individual path expressions 
extracted from the query expression (Pages 190-191). 

The examiner notes that Damiani teaches "selecting a predetermined path 
from a path table, which is stored in s predetermined storage means and 
describes paths of a data file stored in the database, by a path expression 



Application/Control Number: 10/735,837 Page 11 

Art Unit: 2168 

describing a retrieval condition for the database" as "object is either a URI in Obj or 

is of the form URI:PE, where URI e Obj and RE is a path expression on the tree of 
document URI" (Page 185, Section 5.2: Access Authorizations), "Authorizations 
specified on an element can be defined as applicable to the element's attributes only 
(local authorizations) or, in a recursive approach, to its subelements and their attributes 
(recursive authorizations)" (Page 183, Section 5.1: Basic Features of the Access 
Authorizations), and "Figure 5 lists the resulting authorizations" (Page 186, Section 5.2: 
Access Authorizations). The examiner further notes that Damiani teaches "a query 
expression access right decision unit for deciding access rights in the database 
retrieval by the query expression based on decision results of access rights, 
which are obtained by the access right decision unit, for the individual path 
expressions extracted from the query expression" as "The value of 
n.veclabel[t].sign can be "+" for permission, "-" for denials, and "e" for no authorization" 
(Page 188, Section 6.1 : Document Tree Labeling) and "Signs + and - must then be 
mapped to the other two values, namely 1 (true) and Vz (indeterminate" (Page 190, 
Section 6.1 : Docurpent Tree Labeling) and "As a result of the labeling process, the 
value of finlabel for each node n contains the sign, if any, reflecting whether the node 
can be accessed (+) or not (-)" (Page 191, Section 6.2: Transformation Process). 

Claim Rejections - 35 USC § 103 
8. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
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the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

9. Claims 1-5, 7, 9. 11-12, 15, and 17-20 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Damiani et al. (Article entitled "A Fine-Grained Access Control 
System for XML Documents", dated May 2002) as applied to claims 6, 8, 10, 13-14, and 
16, and in view of Murata (Article entitled "Extended Path Expressions for XML", dated 
04/29/2001). 

10. Regarding claim 1 , Damiani teaches an information processor comprising: 
A) an access control automaton generation unit for generating an access control 
automaton from an access control policy in which an access control rule is described 
(Pages 185-186); and 
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B) a logic operation unit for deciding access rigiits in database retrieval using the path 
expression by performing logic operations related to the query automaton generated by 
the query automaton generation unit and the access control automaton generated by 
the access control automaton generation unit (Page 191). 

The examiner notes that Damiani teaches "an access control automaton 
generation unit for generating an access control automaton from an access 
control policy in which an access control rule is described" as "An access 
authorization a e Auth is a five-tuple of the form: <subject, object, action, sign, type>" 
(Page 185, Section 5.2: Access Authorizations). The examiner further notes that it is 
common knowledge that an automaton is a five-tuple with states, symbols, and . 
transition states. The examiner further notes that Damiani teaches "a logic operation 
unit for deciding access rights in database retrieval using the path expression by 
performing logic operations related to the query automaton generated by the 
query automaton generation unit and the access control automaton generated by 
the access control automaton generation unit" as "In particular, the final sign finlabel 
of each node n is determined as the result of operation ® between the sign field of 
components of array n.veclabel considered in their priority order: LDH (local hard), 
RDH (recursive hard), L (local), R (recursive), LD (local, schema level), RD (recursive, 
schema level), LS (local soft), and RS (recursive soft)" (Page 191, Section 6.1: 
Document Tree Labeling). 

Damiani does not explicitly teach: 
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C) a query automaton generation unit for generating a query automaton from a path 
expression in wliicli a retrieval condition for the database is described. 

Murata, however, teaches "a query automaton generation unit for generating 
a query automaton from a path expression in which a retrieval condition for the 
database is described" as "A selection query is select (el , e2) where e1 is a hedge 
regular expression and e2 is a pointed hedge representation " (Pages 132-133, Section 
6.1). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of the cited references because teaching 
Murata's would have allowed Damiani's to provide a method to allow for further 
processing of output relations by enabling schema translations via queries for xml 
documents, as noted by Murata (Pages 126-127, Section 1). 

Regarding claim 2, Damiani teaches an information processor comprising: 
A) wherein the logic operation unit performs decision of the access right (Page 191). 

The examiner notes that Damiani teaches "wherein the logic operation unit 
performs decision of the access right" as "In particular, the final sign finlabel of each 
node n is determined as the result of operation © between the sign field of components 
of array n.veclabel considered in their priority order: LDH (local hard), RDH (recursive 
hard), L (local), R (recursive), LD (local, schema level), RD (recursive, schema level), 
LS (local soft), and RS (recursive soft)" (Page 191, Section 6.1: Document Tree 
Labeling). 
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Damiani does not explicitly teach: 

B) a schema automaton generation unit for generating a schema automaton from a 
schema showing a structure of the data file stored in the database; and 

C) in consideration for the schema automaton generated by the schema automaton 
generation unit 

Murata, however, teaches "a schema automaton generation unit for 
generating a schema automaton from a schema showing a structure of the data 
file stored in the database" and "in consideration for the schema automaton 
generated by the schema automaton generation unit" as "Schema transformation is 
effected by first creating intersection hedge automata which stimulate the match 
identifying hedge automata and the input schemata, and then transforming the 
intersection hedge automata as appropriate to the query operation" (Pages 127, Section 

1). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of the cited references because teaching 
Murata's would have allowed Damiani's to provide a method to allow for further 
processing of output relations by enabling schema translations via queries for xml 
documents, as noted by Murata (Pages 126-127, Section 1). 

Regarding claim 3, Damiani teaches an information processor comprising: 
A) a path table control unit for controlling path table describing paths of the data file 
stored in the database (Pages 183 and 186). 
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The examiner notes that Damiani teaches "a path table control unit for 
controlling path table describing paths of the data file stored in the database" as 

"Authorizations specified on an element can be defined as applicable to the element's 
attributes only (local authorizations) or, in a recursive approach, to its subelements and 
their attributes (recursive authorizations)" (Page 183, Section 5.1 : Basic Features of the 
Access Authorizations) and "Figure 5 lists the resulting authorizations" (Page 186, 
Section 5.2: Access Authorizations). 

Damiani does not explicitly teach: 
B) wherein the schema automaton generation unit generates the schema automaton 
from the path table controlled by the path table control unit. 

Murata. however, teaches "wherein the schema automaton generation unit 
generates the schema automaton from the path table controlled by the path table 
control unit" as "Schema transformation is effected by first creating intersection hedge 
automata which stimulate the match identifying hedge automata and the input 
schemata, and then transforming the intersection hedge automata as appropriate to the 
query operation" (Pages 127, Section 1). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of the cited references because teaching 
Murata's would have allowed Damiani's to provide a method to allow for further 
processing of output relations by enabling schema translations via queries for xml 
documents, as noted by Murata (Pages 126-127, Section 1). 
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Regarding claim 4, Damiani further teaches an information processor 
comprising: 

A) a path expression extraction unit for extracting the path expressions from a query 
expression specifying a retrieval method for the database (Pages 181-182, 185-186). 

The examiner notes that Damiani teaches "a path expression extraction unit 
for extracting the path expressions from a query expression specifying a retrieval 
method for the database" as "A path expression 11/12/.. ./In on a document tree 
represents all the attributes named In that can be reached by descending the document 
tree along the sequence of nodes named I1,l2,...,ln-1" (Page 181, Section 4: 
Authorization Objects" and "object is either a URI in Obj or is of the form URI;PE, where 
URI 8 Obj and PE is a path expression on the tree of document URI" (Page 185, Section 
5.2: Access Authorizations). 

Regarding claim 5, Damiani further teaches an information processor 
comprising: 

A) a query expression access right decision unit for deciding access rights in the 
database retrieval by the query expression based on decision results of access rights, 
which are obtained by the access right decision unit, for the individual path expressions 
extracted from the query expression (Pages 190-191). 

The examiner further notes that Damiani teaches "a query expression access 
right decision unit for deciding access rights in the database retrieval by the 
query expression based on decision results of access rights, which are obtained 
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by the access right decision unit, for the individual path expressions extracted 
from the query expression" as "The value of n.veclabel[t].sign can be "+" for 
permission, "-" for denials, and "e" for no authorization" (Page 188. Section 6.1 : 
Document Tree Labeling) and "Signs + and - must then be mapped to the other two 
values, namely 1 (true) and Vz (indeterminate" (Page 190, Section 6.1: Document Tree 
Labeling) and "As a result of the labeling process, the value of finlabel for each node n 
contains the sign, if any, reflecting whether the node can be accessed (+) or not (-)" 
(Page 191, Section 6.2: Transformation Process). 

Regarding claim 7, Damiani further teaches an information processor 
comprising: 

A) an access control automaton generation unit for generating an access control 
automaton from the access control policy in which the access control rule is described 
(Pages 185-186); and 

B) wherein the access right decision unit selects the predetemnined path by use of the 
query automaton generated by the query automaton generation unit; and decides an 
acce,ss right to the predetermined path by use of the access control automaton 
generated by the access control automaton generation unit (Page 191). 

The examiner notes that Damiani teaches "an access control automaton 
generation unit for generating an access control automaton from the access 
control policy in which the access control rule is described" as "An access 
authorization a e Auth is a five-tuple of the fomri: <subject, object, action, sign, type>" 
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(Page 185, Section 5.2: Access Authorizations). The examiner further notes that it is 
common knowledge that an automaton is a five-tuple with states, symbols, and 
transition states. The examiner further notes that Damiani teaches "wherein the 
access right decision unit selects the predetermined path by use of the query 
automaton generated by the query automaton generation unit; and decides an 
access right to the predetermined path by use of the access control automaton 
generated by the access control automaton generation unit" as "In particular, the 
final sign finlabel of each node n is determined as the result of operation © between the 
sign field of components of array n.veclabel considered in their priority order: LDH 
(local hard), RDH (recursive hard), L (local), R (recursive), LD (local, schema level), RD 
(recursive, schema level), LS (local soft), and RS (recursive soft)" (Page 191, Section 
6.1: Document Tree Labeling). 

Damiani does not explicitly teach: 
C) a query automaton generation unit for generating a query automaton from a path 
expression in which a retrieval condition for the database is described. 

Murata. however, teaches "a query automaton generation unit for generating 
a query automaton from a path expression in which a retrieval condition for the 
database is described" as "A selection query is select (e1 , e2) where el is a hedge 
regular expression and e2 is a pointed hedge representation" (Pages 132-133, Section 
6.1). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of the cited references because teaching 
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Murata's would have allowed Damiani's to provide a method to allow for further 
processing of output relations by enabling schema translations via queries for xml 
documents, as noted by Murata (Pages 126-127, Section 1). 

Regarding claim 9, Damiani further teaches an information processor 
comprising: 

A) a query expression access right decision unit for deciding access rights in the 
database retrieval by the query expression based on decision results of access rights, 
which are obtained by the access right decision unit, for the individual path expressions 
extracted from the query expression (Pages 190-191). 

The examiner further notes that Damiani teaches "a query expression access 
right decision unit for deciding access rights in the database retrieval by the 
query expression based on decision results of access rights, which are obtained 
by the access right decision unit, for the individual path expressions extracted 
from the query expression" as "The value of n.veclabel[t].sign can be "+" for 
permission, "-" for denials, and "e" for no authorization" (Page 188, Section 6.1: 
Document Tree Labeling) and "Signs + and - must then be mapped to the other two 
values, namely 1 (true) and (indeterminate" (Page 190, Section 6.1: Document Tree 
Labeling) and "As a result of the labeling process, the value of finlabel for each node n 
contains the sign, if any, reflecting whether the node can be accessed (+) or not (-)" 
(Page 191, Section 6.2: Transformation Process). 
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Regarding claim 11, Damiani further teaches a database retrieval system 
comprising: 

A) an access control automaton generation unit for generating an access control 
automaton from the access control policy in which an access control rule is described 
(Pages 185-186); and 

B) a logic operation unit for deciding access rights in database retrieval using the path 
expression by performing logic operations related to the query automaton generated by 
the query automaton generation unit and the access control automaton generated by 
the access control automaton generation unit (Page 191). 

The examiner notes that Damiani teaches "an access control automaton 
generation unit for generating an access control automaton from the access 
control policy in which an access control rule is described" as "An access 
authorization a e Auth is a five-tuple of the form: <subject, object, action, sign, type>" 
(Page 185, Section 5.2: Access Authorizations). The examiner further notes that it is 
common knowledge that an automaton is a five-tuple with states, symbols, and 
transition states. The examiner further notes that Damiani teaches "a logic operation 
unit for deciding access rights in database retrieval using the path expression by 
performing logic operations related to the query automaton generated by the 
query automaton generation unit and the access control automaton generated by 
the access control automaton generation unit" as "In particular, the final sign finlabel 
of each node n is determined as the result of operation © between the sign field of 
components of array n.veclabel considered in their priority order: LDH (local hard), 
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RDH (recursive hard), L (local), R (recursive), LD (local, schema level), RD (recursive, 
schema level), LS (local soft), and RS (recursive soft)" (Page 191, Section 6.1: 
Document Tree Labeling). 

Damiani does not explicitly teach: 
C) wherein the access rights analysis device includes a query automaton generation 
unit for generating a query automaton from a path expression in which a retrieval 
condition for the database is described. 

Murata, however, teaches "wherein the access rights analysis device 
includes a query automaton generation unit for generating a query automaton 
from a path expression in which a retrieval condition for the database is 
described" as "A selection query is select (el, e2) where el is a hedge regular 
expression and e2 is a pointed hedge representation" (Pages 132-133, Section 6.1). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of the cited references because teaching 
Murata's would have allowed Damiani's to provide a method to allow for further 
processing of output relations by enabling schema translations via queries for xml 
documents, as noted by Murata (Pages 126-127, Section 1). 

Regarding claim 12, Damiani further teaches a database retrieval system 
comprising: 

A) a path expression extraction unit for extracting the path expressions from a query 
expression specifying a retrieval method for the database (Pages 185-186); and 
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B) a query expression access right decision unit for deciding access rights in the 
database retrieval by the query expression based on decision results of access rights, 
which are obtained by the access right decision unit, for the individual path expressions 
extracted from the query expression (Pages 190-191). 

The examiner notes that Damiani teaches "a path expression extraction unit 
for extracting the path expressions from a query expression specifying a retrieval 
method for the database" as "object is either a URI in Obj or is of the form URI:PE, 
where URI e Obj and PE is a path expression on the tree of document URI" (Page 185, 
Section 5.2: Access Authorizations), The examiner further notes that Damiani teaches 
"a query expression access right decision unit for deciding access rights in the 
database retrieval by the query expression based on decision results of access 
rights, which are obtained by the access right decision unit, for the individual 
path expressions extracted from the query expression" as "The value of 
n.veclabel[t].sign can be "+" for permission, for denials, and "e" for no authorization" 
(Page 188, Section 6.1: Document Tree Labeling) and "Signs + and - must then be 
mapped to the other two values, namely 1 (true) and 14 (indeterminate" (Page 190, 
Section 6.1 : Document Tree Labeling) and "As a result of the labeling process, the 
value of finlabel for each node n contains the sign, if any, reflecting whether the node 
can be accessed (+) or not (-)" (Page 191, Section 6.2: Transformation Process). 

Regarding claim 15, Damiani teaches an access rights analysis method 
comprising: 
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A) generating an access control automaton from an access control policy in which an 
access control rule is described (Pages 185-186); and 

B) storing the access control automaton in a predetermined storage means (Page 185) 

C) a logic operation unit for deciding access rights in database retrieval using the path 
expression by performing logic operations related to the query automaton generated by 
the query automaton generation unit and the access control automaton generated by 
the access control automaton generation unit (Page 191). 

The examiner notes that Damiani teaches "generating an access control 
automaton from an access control policy in which an access control rule is 
described" as "An access authorization a e Auth is a five-tuple of the form: <subject, 
object, action, sign, type>" (Page 185, Section 5.2: Access Authorizations). The 
examiner further notes that it is common knowledge that an automaton is a five-tuple 
with states, symbols, and transition states. The examiner further notes that Damiani 
teaches "storing the access control automaton in a predetermined storage means" as 
"At each server, a set of Auth of access authorizations specifies the actions that 
subjects are allowed (or forbidden) to exercise on the objects stored at the server" 
(Page 185, Section 5.2: Access Authorizations). The examiner further notes that 
Damiani teaches "a logic operation unit for deciding access rights in database 
retrieval using the path expression by performing logic operations related to the 
query automaton generated by the query automaton generation unit and the 
access control automaton generated by the access control automaton generation 
unit" as "In particular, the final sign finlabel of each node n is determined as the result 
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of operation © between the sign field of components of array n.veclabel considered in 
their priority order: LDH (local hard), RDH (recursive hard), L (local), R (recursive), LD 
(local, schema level), RD (recursive, schema level), LS (local soft), and RS (recursive 
soft)" (Page 191 , Section 6.1: Document Tree Labeling). 
Damiani does not explicitly teach: 

D) generating a query automaton frorii a path expression in which a retrieval condition 
for the database is described. 

E) storing the generated query automaton in a predetermined storage means. 

Murata, however, teaches "generating a query automaton from a path 
expression in which a retrieval condition for the database is described" as "A 
selection query is select (el , e2) where el is a hedge regular expression and e2 is a 
pointed hedge representation" (Pages 132-133, Section 6.1) and "storing the 
generated query automaton in a predetermined storage means" as "we construct 
match-identifying hedge automata form hedge regular expressions and pointed hedge 
representations" (Page 127, Sectioni). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of the cited references because teaching 
IVIurata's would have allowed Damiani's to provide a method to allow for further 
processing of output relations by enabling schema translations via queries for xml 
documents, as noted by Murata (Pages 126-127, Section 1). 

Regarding claim 17, Damiani teaches a program comprising: 
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A) an access control automaton generation means for generating an access control 
automaton from an access control policy in which an access control rule is described 
(Pages 185-186); and 

B) a logic operation means for deciding access rights in database retrieval using the 
path expression by performing logic operations related to the generated query 
automaton and access control automaton (Page 191). 

The examiner notes that Damiani teaches "an access control automaton 
generation means for generating an access control automaton from an access 
control policy in which an access control rule is described" as "An access 
authorization a e Auth is a five-tuple of the form: <subject, object, action, sign, type>" 
(Page 185, Section 5.2: Access Authorizations). The examiner further notes that it is 
common knowledge that an automaton is a five-tuple with states, symbols, and 
transition states. The examiner further notes that Damiani teaches "a logic operation 
means for deciding access rights in database retrieval using the path expression 
by performing logic operations related to the generated query automaton and 
access control automaton" as "In particular, the final sign finlabel of each node n is 
determined as the result of operation ® between the sign field of components of array 
n.veclabel considered in their priority order: LDH (local hard). RDH (recursive hard), L 
(local). R (recursive), LD (local, schema level), RD (recursive, schema level), LS (local 
soft), and RS (recursive soft)" (Page 191, Section 6.1: Document Tree Labeling). 
Damiani does not explicitly teach: 
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C) a query automaton generation means for generating a query automaton from a path 
expression in which a retrieval condition for the database is described. 

Murata, however, teaches "a query automaton generation means for 
generating a query automaton from a path expression in which a retrieval 
condition for the database is described" as "A selection query is select (e1. e2) 
where el is a hedge regular expression and e2 is a pointed hedge representation" 
(Pages 132-133, Section 6.1). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of the cited references because teaching 
Murata's would have allowed Damiani's to provide a method to allow for further 
processing of output relations by enabling schema translations via queries for xml 
documents, as noted by Murata (Pages 126-127, Section 1). 

Regarding claim 18, Damiani further teaches a program comprising: 

A) causing the computer to function as a path expression extraction means for 
extracting the path expressions from a query expression specifying a retrieval method 
for the database (Pages 185-186); and 

B) a query expression access right decision means for deciding access rights in the 
database retrieval by the query expression based on decision results of access rights 
for the individual path expressions extracted from the query expression (Pages 190- 
191). 
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The examiner notes that Damiani teaches "causing the computer to function 
as a patli expression extraction means for extracting the path expressions from a 
query expression specifying a retrieval method for the database" as "object is 
either a URI in Obj or is of the form URI:PE, where URI s Obj and RE is a path 
expression on the tree of document URI" (Page 185, Section 5.2: Access 
Authorizations). The examiner further notes that Damiani teaches "a query 
expression access right decision means for deciding access rights in the 
database retrieval by the query expression based on decision results of access 
rights for the individual path expressions extracted from the query expression" 
as "The value of n.veclabel[t].sign can be "+" for permission, "-" for denials, and V for 
no authorization " (Page 188, Section 6.1: Document Tree Labeling) and "Signs + and - 
must then be mapped to the other two values, namely 1 (true) and Va (indeterminate" 
(Page 190, Section 6.1: Document Tree Labeling) and "As a result of the labeling 
process, the value of finlabel for each node n contains the sign, if any, reflecting 
whether the node can be accessed (+) or not (-)" (Page 191, Section 6.2: 
Transformation Process). 

Regarding claim 19, Damiani further teaches a program comprising: 
A) a path table control means for controlling a path table describing paths of a data file 
stored in the database (Pages 183 and 186, Figure 5); and 
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B) ) an access right decision means for selecting a predetemnined path in the path 
table controlled by the path table control unit by a path expression describing a retrieval 
condition for the database (Page 186, Figure 5); 

C) applying an access control policy describing access control rules (Pages 183 and 
186, Figure 5); and 

D) deciding the presence of an access right in database retrieval by the path 
expression with respect to the predetermined path (Pages 183 and 186, Figure 5). 

The examiner notes that Damiani teaches "a path table control means for 
controlling a path table describing paths of a data file stored in the database" as 
"Authorizations specified on an element can be defined as applicable to the element's 
attributes only (local authorizations) or, in a recursive approach, to Its subelements and 
their attributes (recursive authorizations)" (Page 183, Section 5.1 : Basic Features of the 
Access Authorizations) and "Figure 5 lists the resulting authorizations" (Page 186, 
Section 5.2: Access Authorizations). The examiner further notes that Damiani teaches 
"an access right decision means for selecting a predetermined path in the path 
table controlled by the path table control unit by a path expression describing a 
retrieval condition for the database" as "Figure 5 lists the resulting authorizations" 
(Page 186, Section 5.2: Access Authorizations). The examiner further notes that 
Figure 5 of Damiani clearly shows different access conditions for different paths in a 
database for queries from users. The examiner further notes that Damiani teaches 
"applying an access control policy describing access control rules" as "Figure 5 
lists the resulting authorizations" (Page 186, Section 5.2: Access Authorizations) and 
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"Authorizations specified on an element can be defined as applicable to the element's 
attributes only (local authorizations) or, in a recursive approach, to its subelements and 
their attributes (recursive authorizations)" (Page 183, Section 5.1: Basic Features of the 
Access Authorizations). The examiner further notes that Damiani teaches "deciding 
the presence of an access right in database retrieval by the path expression with 
respect to the predetermined path" as "Authorizations specified on an element can 
be defined as applicable to the element's attributes only (local authorizations) or, in a 
recursive approach, to its subelements and their attributes (recursive authorizations)" 
(Page 183, Section 5.1: Basic Features of the Access Authorizations) and "Figure 5 
lists the resulting authorizations" (Page 186, Section 5.2: Access Authorizations). 

Regarding claim 20, Damiani further teaches a program comprising: 

A) a path expression extraction means for extracting the path expressions from a query 
expression specifying a retrieval method for the database (Pages 185-186); and 

B) a query expression access right decision means for deciding access rights in the 
database retrieval by the query expression based on decision results of access rights 
for the individual path expressions extracted from the query expression (Pages 190- 
191). 

The examiner notes that Damiani teaches "a path expression extraction 
means for extracting the path expressions from a query expression specifying a 
retrieval method for the database" as "object is either a URI in Obj or is of the form 
URI:PE, where URI 8 Obj and PE is a path expression on the tree of document URI" 
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(Page 185, Section 5.2: Access Authorizations). The examiner further notes that 
Damiani teaches "a query expression access right decision means for deciding 
access rights in the database retrieval by the query expression based on decision 
results of access rights for the individual path expressions extracted from the 
query expression" as "The value of n.veclabel[t].sign can be "+" for permission, "-" for 
denials, and "e" for no authorization" (Page 188, Section 6.1 : Document Tree Labeling) 
and "Signs + and - must then be mapped to the other two values, namely 1 (true) and 

(indeterminate" (Page 190, Section 6.1 : Document Tree Labeling) and "As a result of 
the labeling process, the value of finlabel for each node n contains the sign, if any, 
reflecting whether the node can be accessed (+) or not (-)" (Page 191 , Section 6.2: 
Transformation Process). 

Conclusion 

1 1 . The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Article entitled "Regulating Access to XML documents" by Gabillon et al. on July 
2001 . The subject matter disclosed therein is pertinent to that of claims 1-20 (e.g., 
methods to control access to XML documents) 

Article entitled "Efficient Filtering of XML Documents for Selective Dissemination 
of Information" by Altinel et al. in 2000. The subject matter disclosed therein is 
pertinent to that of claims 1-20 (e.g., methods to control access to XML documents) 
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U.S. PGPUB 2004/0172234 issued to Dapp et al. on 02 September 2002. The 
subject matter disclosed therein is pertinent to that of claims 1-20 (e.g., methods to 
control access to XML documents) 

U.S. PGPUB 2003/0229852 issued to Uramoto etal. on 12 December 2003. 
The subject matter disclosed therein is pertinent to that of claims 1-20 (e.g., methods to 
control access to XML documents) 

U.S. PGPUB 2004/0073870 issued to Fuh et al. on 25 March 2004. The subject 
matter disclosed therein is pertinent to that of claims 1-20 (e.g., methods to control 
access to XML documents) 

Contact Information 

12. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Mahesh Dwivedi whose telephone number is (571) 272- 
2731. The examiner can normally be reached on Monday to Friday 8:20 am - 4:40 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tim Vo can be reached (571) 272-3642. The fax number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
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